Public bug reported:

I updated my server from xenial to bionic today. On xenial I was using
the openvpn repo from the openvpn developers
(https://community.openvpn.net/openvpn/wiki/OpenvpnSoftwareRepos)

Now that bionic ships a more recent version, I removed the PPA and
switched to the distro version (2.4.4).

My openvpn server assigns a real IPv6 address and does NAT for IPv4 for every
client. Also I push a route so a /64 IPv6 net and one IPv4 address is reachable
through the tunnel.
(I have firewalled a server so it is only reachable through the tunnel's IPs.)
With openvpn 2.4.4 from the bionic repo this does not work anymore, aka the server
is not reachable anymore.
I quickly reactivated the xenial repo from
https://community.openvpn.net/openvpn/wiki/OpenvpnSoftwareRepos and upgraded
the server again (to 2.4.6).
After a restart I was able to reach my server again.

So most likely there is a bug in bionic's 2.4.4 version of openvpn.

client config:

client
dev tun
proto udp
remote <ipv4-address> 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert martin-pc.crt
key martin-pc.key
remote-cert-tls server
tls-crypt ta.key 
cipher AES-256-GCM
tls-version-min 1.2
tls-cipher TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384:TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384:TLS-DHE-RSA-WITH-AES-256-GCM-SHA384
auth SHA512
comp-lzo
explicit-exit-notify
pull-filter ignore "route"
pull-filter ignore "dhcp"
pull-filter ignore "redirect"
route-ipv6 <ipv6-net i want to reach>/64 <ipv6 ip of server> 1
route <server i want to reach ipv4> 255.255.255.255 10.8.0.1 1

server config:

port 1194
proto udp
dev tun
ca /etc/openvpn/easy-rsa/keys/ca.crt
cert /etc/openvpn/easy-rsa/keys/server.crt
key /etc/openvpn/easy-rsa/keys/server.key
dh /etc/openvpn/easy-rsa/keys/dh4096.pem
topology subnet
server 10.8.0.0 255.255.255.0
server-ipv6 <ipv6 net usable for clients>/112
ifconfig-pool-persist ipp.txt
push "route-ipv6 2000::/3 <ipv6 server ip> 1"
script-security 2
learn-address "/usr/bin/sudo -u root /etc/openvpn/scripts/ndp-proxy-setup.sh"
push "redirect-gateway def1"
push "redirect-gateway ipv6"
push "dhcp-option DNS 1.1.1.1"
keepalive 10 120
tls-crypt /etc/openvpn/easy-rsa/keys/ta.key
tls-version-min 1.2
tls-cipher TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384:TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384:TLS-DHE-RSA-WITH-AES-256-GCM-SHA384
auth SHA512
cipher AES-256-GCM
#compress lz4
comp-lzo
persist-key
persist-tun
status openvpn-status.log
#verb 6
user openvpn
group openvpn

** Affects: openvpn (Ubuntu)
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1787208

Title:
  Openvpn routing issue
